Jamie Whitehouse

Recent Posts by Jamie Whitehouse:

According to the recent DevSecOps Community survey, 80-90% of a modern application is assembled from open source and third-party components. This is true whether you develop in Java, .NET, Ruby, Python or any other language. While these components dramatically improve the efficiency and velocity of development, they are often consumed without enough knowledge of their underlying dependencies, license requirements, or potential security vulnerabilities.

While there are many books I have read during my career as a software engineer, a handful have been influential in my thinking. Here are my top 2 books for software developers. If you've read them before, you might want to read them again through the lens of your development career experience.

One of my responsibilities at Sonatype is creating the pages that communicate licensing and security information in Nexus Professional and Insight for CI. We have a large team that is responsible for these pages and making sure that we’re providing accurate information. You would be surprised at the number of interesting edge cases that we identify in the process of scanning 400,000+ artifacts in Central. From invalid licenses to exotic, one-off licenses that include odd requirements, everyone who works on this team has had to become an expert in OSS licensing.

Sonatype is writing more and more about security as part of our launch of the Sonatype Insight service, and while not directly related to our product, I wanted to let people know about a tool I've found that could be useful when you are evaluating password security. Passwords are an unavoidable reality these days; not everything can be based on SSH and GPG keys, and systems like Nexus and Insight often require users to select a password.